Over 380,000 URLs have been infected with malicious scripts in a massive SQL injection attack.
The injected code has been monitored over the past week as anti-malware companies worked out what was happening. The injected code redirects users to malicious addresses such as FakeAV and RougeAV.
The attack was first blogged about by Websense when only 28,000 sites were compromised but it soon started to spread across more URLs and domains. It was given the name LizaMoon by Websense because the original injected code called JavaScript routines stored at lizamoon.com, a URL registered a few days ago.Apart from a score of anti-malware trackers watching LizaMoon’s progress, it appears that the attackers are also monitoring the situation. Fresh code pointers are updated on infected Web sites to point to new JavaScript-hosting sites as the older hosting URL addresses are blocked.
Extremely large as this attack may be, John Kuhn, a senior global Internet threat analyst at IBM Internet Security Systems, still reckons it is not yet the biggest injection attack in recent years.
“We are not seeing near the volume compared to the ‘asprox’ and ‘dnf666’ attacks,” he blogged. “The reason for this is simple, the attacks seem to source from a few choice IPs which correspond back to the site being injected into the victim’s database. The Asprox SQL Injection attack, for instance, utilised a botnet to do the mass injection, giving them far more reach and bandwidth.”
Several iTunes sites have been infected but the way iTunes works, by encoding script tags, means that users were never at risk as the code could not execute on their machines.
SQL injection seems to be enjoying a phase of popularity at the moment and earlier this week sites belonging to Oracle’s Sun and MySQL subsidiaries were infected.
New chapter for famous name from Internet's early days, Napster, has been acquired and will…
Solving not-spots? Ofcom proposal to make UK the first European country to allow ordinary smartphones…
Pioneering robotaxi service from Alphabet's Waymo to go live in Washington DC next year, as…
Dozens of Chinese firms added to US export blacklist, in order to hamper Beijing's AI…
Chinese rival BYD overtakes global revenues of Elon Musk's Tesla, as record number of Tesla…
Messaging app Signal in the headlines after a journalist was invited to a top secret…
View Comments
They should give a death sentence for something like this if they can ever catch the perpetrators. Such and act hurts thousand upon thousands of people who's livelihoods and families may well depend on their website as a way of earning a living. I know they wont but they should. They need a very strong deterrent. This is as serious as the drug issue when analysed.